TrickMo Malware Adopts TON Blockchain for C2 Comms | Femto Security Threat Intelligence

Key Takeaways

TrickMo banking trojan has evolved to use the TON blockchain for C2 communications.
This shift complicates detection as traffic mimics decentralized network patterns.
The malware continues to use phishing overlays and SMS interception to steal credentials.
Targets primarily include users of European banking and cryptocurrency platforms.

Original source screenshot for TrickMo Android Malware Evolves via TON Blockchain — Original source screenshot - bleepingcomputer.com

How to Defend Against Similar Threats

Audit mobile devices within the enterprise for unauthorized or suspicious applications.
Strengthen network monitoring to identify non-standard traffic patterns originating from mobile assets.
Implement comprehensive endpoint security that includes behavioral analysis for mobile apps.
Conduct regular penetration testing to identify gaps in mobile device security posture.

Threat Intel FAQ

How does the use of blockchain change detection for TrickMo?

By leveraging the TON blockchain, the malware can hide its C2 communication within legitimate blockchain traffic, making it harder for standard firewall and IPS solutions to block or identify the malicious activity.

What is the primary risk of this TrickMo variant for enterprise users?

The primary risk is the theft of financial credentials and two-factor authentication codes through phishing overlays, which can lead to unauthorized access to corporate accounts and financial loss.

Could a similar threat affect your organization?

If your team may be exposed to a similar threat, FemtoSec can help validate blast radius, prioritize remediation, and connect the issue to a practical security program.

TrickMo Android Malware Evolves via TON Blockchain

Key Takeaways

How to Defend Against Similar Threats

Threat Intel FAQ

Could a similar threat affect your organization?